Deck 8: Execution of the Audit Testing of Controls

The more complex the client's operations and its internal controls, the less experienced the auditor who performs the work needs to be.

If the tests of controls confirm the auditor's preliminary evaluation of controls, the planned substantive audit procedures are not modified.

IT general controls are driven by the particular software application being used.

Benchmarking is an audit strategy that can be used to carry forward the benefit of certain application controls testing into future audit periods.

Transaction-level controls are implemented by businesses to reduce the risk of misstatements due to error or fraud and to ensure that processes are operating effectively.

Tests of account balances can often provide evidence about the continued functioning of controls.

The greater the degree of reliance on an internal control, the less they test the control to provide the required assurance.

To improve efficiency, auditors test only those controls that they believe are critical to their opinion.

Re-performance involves the auditor re-performing the control to test its effectiveness.

An example of a purely manual control is a locked stock cage for high dollar-value items.

If inherent risk is low and a reasonable level of assurance has been gained from controls testing, extensive substantive procedures need to be performed to estimate the dollar value of any error in an account balance.

Attribute sampling is a sampling technique used to reach a conclusion about the total dollar amount of misstatement in an account balance.

Tracing certain amounts on the bank reconciliation to the accounting records is an example of inspection of physical evidence.

Enquiry involves the auditor observing the actual control being performed.

What are the factors considered by auditors in determining whether there is a need for additional detailed tests of controls?

Discuss the factors that relate to the likelihood that an internal control operates as intended.

Indicate whether you agree or disagree with the following statements and explain your reasoning.
a) The audit senior was explaining how different controls work: "Detective controls can be applied to each transaction during normal processing to avoid errors occurring."
b) The public accountant was reviewing the audit program and was convinced that the following item did not belong in the IT General Controls (ITGC) part of her audit program: "Program change controls - only appropriately authorized, tested and approved changes are made to applications, interfaces, databases and operating systems. All changes are documented so systems documentation is up to date."
c) The techniques for testing are made up of enquiry, observation, inspection of physical evidence and re-performance. Inspection of physical evidence relies on the auditor testing the physical evidence to verify that a control has been performed properly.
d) The manager of a large client realizes that when testing controls, either statistically based sampling techniques or professional judgment can be used to determine the extent of testing. One of the factors to con?sider when deciding the extent of testing should include the competence of the person who performs the control.

Emile Santiago was anxious to start the selection and testing of controls at Dooley Real Estate Group, a company that specializes in unique coastal properties nestled along the Nova Scotia coastline. A charming collection of coastal communities dots the rocks along the Bay of Fundy. Buzz Dooley brings years of talent and experience from being an executive in the marketing, technology and finance world to personally owning, renovating, aggregating and subdividing property. Along with investment analysis and extensive contract negotiation experience, clients are expertly represented in every transaction. Buzz imparts a sense of ease and joy to finding the perfect property for each client, making owning beach and coastal property a dream! Emile had two main "big picture" objectives: to prevent or detect misstatements in the financial statements.
Emile was concerned about the following issues:
1) Revenue recognition was the trickiest as many of the transactions took place over longer than one year time frames. Partial payments and deposits are being made and have to be matched up with proper revenue recognition criteria.
2) The entertainment and promotional expenses were high and he was not sure how they compared to industry standards, although they appeared to be consistent with the Dooley Real Estate Group's profile and the deep pockets of its clientele.
Required:
a) What are detective and preventive controls?
b) Can Emile use these preventive and detective controls to help him resolve the two issues he is concerned about?
c) Which factors will Emile have to consider when determining the "extent" of tests to be performed?
d) When would Emile perform substantive testing of revenue?

What are the main items commonly included in tests of controls working papers?

Explain and provide examples of the various techniques commonly used when testing controls.